The threat landscape becomes more daunting by the day. Increasingly sophisticated attacks are being spotted in the wild, and security teams are scrambling to keep up with attacks targeting end users. More than ever, the attacks targeting our endpoints and servers alike are stealthier, harder to detect with traditional tools and more likely to focus on persistence and longer-term damage.

In the 2018 SANS “Endpoint Protection and Response” survey, 42 percent of respondents indicated that at least one of their endpoints had been compromised in the previous 12 months, primarily through browser exploits and social engineering. Sixteen percent of those who experienced a compromise noted that they discovered it via third-party notification, which suggests that many endpoint security tools and tactics in use today are inadequate and we really need better prevention and detection tools right now. Almost 60 percent of respondents also indicated that they would like to see artificial intelligence (AI) and machine learning capabilities implemented in their endpoint protection tools but don’t currently have them.

The previous generation of signature-based detection tools is failing us. Many attacks don’t leverage malware at all: Attackers are using memory-resident techniques, compromised credentials and built-in system tools such as PowerShell to avoid detection by many of the traditional endpoint security platforms. Many endpoint tools also consume significant system resources.

SANS had the opportunity to review Cybereason’s AI hunting platform, which offers a lightweight, more behavior-focused model of host-based protection that can help intrusion analysis and investigations teams more rapidly and efficiently prevent, detect and analyze malicious behavior in their environments. The company recognizes that most enterprises are lacking analytics experts and don’t have enough time to train tier 1 analysts on the job, so one of the primary goals of the platform is to help overcome today’s security skills gap. By emphasizing ease of use, built-in intelligence and search tools, rapid event triage, and highly capable hunting methods, Cybereason is a capable, intelligence-driven system that many security operations center (SOC) teams could leverage immediately to prevent or analyze attacks more quickly. Our review environment was set up with real exploits and malware in a testbed operated by Cybereason, and we fully analyzed numerous examples of the product in action.

WHO WE ARE

We are rewriting the rules on how organizations protect themselves against rapidly evolving adversaries. Today’s threat environment requires understanding the adversary and attack landscape. Since our start in 2012, our technology has stopped the world’s most advanced cyber attacks. And we harbor even greater ambitions.

WHY WE'RE HERE

We are here to protect our customers by exploiting their adversaries’ weaknesses.

The layers of protection a company has are irrelevant since adversaries will always find a way to bypass them.

However, after infiltrating an organization, the attackers are vulnerable. Their activity offers an opportunity to discover the attack. So we developed an endpoint detection platform that uses this insight to empower security teams.

WHAT WE DO

We instantly tell companies if they are under attack, the attack’s impact and how to immediately stop the threat.

Our platform finds a single component of an attack and connects it to other pieces of information to reveal an entire campaign and shut it down. Even the most talented analysts would struggle with detecting a threat and quickly building a complete attack story. We simplify this process.

WHAT MAKES US DIFFERENT

The military is part of our heritage. Many of our employees served in the Israel Defense Forces’ 8200 unit, an elite group that specializes in cyber security, giving them extensive experience with hacking operations. We are applying the military’s perspective on cyber security to enterprise security.

To us, security is not mysterious and encompasses more than laptops, servers and malware. It is a complex operation run by people who use a variety of techniques to achieve specific goals.

WHERE WE'RE GOING

We started with endpoint detection and response, but we have a bigger objective: to protect it all.

Our technology works on more than just traditional hardware. We envision protecting wearables, cars and Internet of Things devices. In other words, anything that has a processor and is connected to the Internet.

This is a very lofty goal, but we have bold ideas. We are changing the landscape, returning power where it belongs – with the defenders.